What is SSL/TLS?
SSL stands for Secure Sockets Layer and it is the original technology that powers the "s" in "https://". Whilst the protocol is not used much these days due to its age and weaknesses, it is the most commonly used term by many domain registrars and web hosting companies to describe encryption security.
Its successor, TLS, stands for Transport Layer Security. It is also a cryptographic protocol which uses stronger encryption algorithms and offers superior privacy and performance.
Websites that are not using SSL/TLS certificates are potentially open to hacking as data passed via the web browser is transmitted publicly and is not encrypted.
SSL/TLS encryption gives your website the padlock icon or green browser bar ensuring that the connection between the website and web server is secure and all data is encrypted. By having SSL/TLS enabled, a secure website will establish a "tunnel" between the server that hosts the website and the web browser. The secure connection and authentication all happen in the background in a fraction of a second and so does not affect the performance of the website.
Google and SSL/TLS
GDPR and SSL/TLS
New UK data protection laws come into effect on 25th May 2018. Under the existing DPA you are required to give people information about your identity and how you intend to use their information, usually through a privacy notice.
4 BIG reasons to implement SSL/TLS certificates:
1. Data is encrypted - hackers cannot intercept the data passed from the website to the website hosting server.
2. Search - Google has stated that sites with SSL will outrank sites without SSL, thus improving the website's SEO and ranking position.
3. Build trust with website visitors - Over 80% of online shoppers say they abandon a purchase when they realise a website is not secure. (Source:
HubSpot)
4. GDPR - New GDPR legislation comes into effect on 25th May 2018 and data encryption becomes a mandatory requirement.
Types of SSL/TLS certificates based on validation level
There a few different types of certificate to choose from and the one you go for will really depend on the requirements of your business and the website functions.
Domain Validation - DV: For this type of SSL certificate, domain validation is done using email or adding a DNS record. In simple words, you need to validate your ownership of the domain name. This kind of certificate can be obtained in a few minutes (or occasionally a few hours). This is ideal for those who don’t have an organisation and no extra security is needed. It’s the cheapest kind of SSL/TLS certificate and is recommended where security is not the most vital factor (i.e blogs).
- Cheap
- Obtained in a maximum of a few hours
- Best for blogs and other non-sensitive websites
Organisation Validation - OV: This is the minimum certificate suggested for e-commerce portals. The Certificate Authority (CA) validates domain ownership & other information through the use of public databases. The major difference between DV & OV is the company validation is done by the Certificate Authority. It’s not as extensive as EV (detailed below), but potentially better than DV.
- Requires 2-3 business days to activate
- No clear advantage over DV certificates
- Minimum for e-commerce portals
Extended Validation - EV: This type of certificate is highly recommended for any website where a transaction is happening. Obtaining the DV and OV certificates are easy, whereas EV certificates require a strict authentication process. This type of certificate displays the organisation the certificate was issued to in the browser. Most banking, finance, and e-commerce site use EV certificates as it offers the most popular green HTTPS address bar.
- Takes about 7-10 days to activate
- Recommended for organisations looking to have the popular green HTTPS address bar
Types of SSL certificates based on secured domains
This is going to be an important decision for anyone who is planning to buy an SSL certificate. Apart from the above three, you also need to pick the certificate type based on domains and subdomains you have.
Single Name SSL Certificate: Only a single hostname is secured with this SSL type.
For example, if you buy a certificate for domain.com, it will not secure docs.domain.com or shop.domain.com.
Note: A Single Name SSL Certificate can also be used to secure only a sub-domain. Example: You can secure shop.domain.com and not domain.com.
Wildcard SSL Certificate: This one secures unlimited sub-domains for a single domain.
For example: Purchasing a Wildcard SSL certificate for mycloudmedia.co.uk will also allow me to secure:
blog.mycloudmedia.co.uk
forum.mycloudmedia.co.uk
and so on…
However, it will not secure abc.blog.mycloudmedia.co.uk
Multi-domain SSL Certificate: A multi-domain SSL certificate supports all different domains & subdomains.
This is highly recommended for those who have multiple domains & subdomains.
Unified Communications Certificate (UCC): UCCs allow customers to protect up to 100 domains using the same certificate.
Unified Communications Certificates are specifically designed to secure Microsoft® Exchange and Office communications environments.
Remember: Using one certificate for multiple domains doesn’t affect you in any way.
Further reading:
Next steps for your website's SSL, TLS and HTTPS
If you already have encryption for your website with SSL, great news!
If not, don't worry - the implementation process is relatively straight forward and we can assist by ensuring the move to "https://" is properly managed and does not negatively affect your hard-earned search engine rankings.
myCloud Media website hosting is secure, UK based and we ensure all sites have Auto-SSL Domain Validation (DV) certificates installed as standard. The permanent move to "https://" complements this certification and involves setting up 301 re-directs for your cached URLs, repointing image paths and testing the site functionality.
We also provide certificate upgrades for OV and EV certificates, plus the implementation of certificates where hosting is done with your own hosting providers.
